Add req.csrfToken to every url rendered.

rooseveltframework · Sep 29, 2023 · eba3563 · eba3563
1 parent 1bfd937
commit eba3563
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/lib/setExpressConfigs.js b/lib/setExpressConfigs.js
@@ -104,7 +104,14 @@ async function csrfProtection (app) {
   const csrfProtection = csrf({ middleware: 'session' })
   app.use(csrfProtection)
   app.use((req, res, next) => {
-    req.csrfToken()
+    app.get(req.url, csrfProtection, (req, res) => {
+      res.sendFile(req.url, { csrfToken: req.csrfToken() })
+    })
+
+    app.post(req.url, csrfProtection, (req, res) => {
+      res.sendFile(req.url)
+    })
+
     next()
   })
 }
diff --git a/package-lock.json b/package-lock.json